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AMENDMENTS TO THE CLAIMS: 

1 . (Previously Presented) A method for communicating between a first private 
network and a second private network configured from nodes in a public network, 
comprising: 

receiving a non-tunneled packet from a source node in the first private 
network; 

determining whether the packet is destined for the second private network; 
obtaining an address mapping corresponding to a destination node in the 
second private network and acquiring a channel key associated 
with a channel based on the determination, 

wherein the channel comprises a plurality of non-tunneled 
virtual links through the public network that connects 
a plurality of channel nodes, the channel nodes 
including the source node and the destination node, 
wherein only the channel nodes are permitted to 

communicate over the channel, 
wherein the channel key is updated upon an addition of a 

new channel node to the channel, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel; and 
forwarding the packet over the channel to the destination node. 

2. (Previously Presented) The method of claim 1, said forwarding comprising: 

sending the packet to the destination node using the address mapping, 
the address mapping reflecting a relationship between an internal 
address for the destination node for use in communicating among 
nodes in the second private network and an external address for 
the destination node suitable for communicating over the public 
network. 
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3. (Previously Presented) The method of claim 2, said sending further comprising, 

adding the external address to the packet. 

4. (Previously Presented) The method of claim 2, said sending further comprising, 

encrypting the packet. 

5. (Previously Presented) The method of claim 2, said obtaining comprising, 

accessing the address mapping based on a determination that the packet 
is destined for the second private network. 

6. (Previously Presented) The method of claim 1 , said determining comprising, 

determining whether an address mapping exists for a destination address 
in the packet. 

7. (Previously Presented) A method for communicating between a first private 
network and a second private network configured from nodes in a public network, 
comprising: 

receiving a non-tunneled packet from a source node in the first private 
network; 

determining whether the packet is destined for the second private network; 
obtaining an address mapping corresponding to a destination node in the 
second private network and acquiring a channel key associated 
with a channel based on the determination, 

wherein the channel comprises a plurality of non-tunneled 
virtual links through the public network that connects 
a plurality of channel nodes, the channel nodes 
including the source node and the destination node, 
wherein only the channel nodes are permitted to 
communicate over the channel, 
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wherein the channel key is updated upon an addition of a 

new channel node to the channel, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes fronn the channel; and 
sending the packet over the channel to the destination node using the 
address mapping, the address mapping reflecting a relationship 
between an internal address for the destination node for use in 
communicating among nodes in the second private network and an 
external address for the destination node suitable for 
communicating over the public network. 

(Previously Presented) A method for communicating between a first private 
network and a second private network that uses a public network infrastructure, 
comprising: 

receiving a non-tunneled packet from a source node in the second private 
network; 

determining whether the packet is destined for the second private network; 
obtaining an address mapping corresponding to a router node in the first 
private network and acquiring a channel key associated with a 
channel based on the determination, 

wherein the channel comprises a plurality of non-tunneled 
virtual links through the public network that connects 
a plurality of channel nodes, the channel nodes 
including the source node and the router node, 
wherein only the channel nodes are permitted to 

communicate over the channel, 
wherein the channel key is updated upon an addition of a 

new channel node to the channel, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel; and 
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forwarding tlie packet over tine channel to a destination node in the first 
private network. 

9. (Previously Presented) The method of claim 8, said fonA/arding comprising: 

sending the packet to the router node using the address mapping, wherein 
the router node fonA/ards the packet to the destination node based 
on an internal address in the packet for the destination node 
suitable for communicating among nodes in the first private 
network. 

10. (Previously Presented) The method of claim 9, said sending further comprising, 

adding, to the packet, an external address for the router node suitable for 
communicating over the public infrastructure. 

1 1 . (Previously Presented) The method of claim 9, said sending further comprising, 

encrypting the packet. 

12. (Previously Presented) The method of claim 9, said obtaining comprising, 

accessing the address mapping based on a determination that the packet 
is not destined for the second private network. 

13. (Previously Presented) The method of claim 8, said determining comprising, 

determining whether an address mapping exists for a destination address 
in the packet. 

14. (Previously Presented) A method for communicating between a first private 
network and a second private network that uses a public network infrastructure, 
comprising: 

receiving a non-tunneled packet from a source node in the second private 
network; 
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determining whether the packet is destined for the second private network; 
obtaining an address mapping corresponding to a router node and 

acquiring a channel key associated with a channel based on the 

determination, 

wherein the channel comprises a plurality of non-tunneled 
virtual links through the public network that connects 
a plurality of channel nodes, the channel nodes 
including the source node and the router node, 
wherein only the channel nodes are permitted to 

communicate over the channel, 
wherein the channel key is updated upon an addition of a 

new channel node to the channel, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel; and 
sending the packet over the channel to the router node using the address 
mapping, wherein the router node forwards the packet to a 
destination node in the first private network based on an internal 
address in the packet for the destination node suitable for 
communicating among nodes in the first private network. 

(Previously Presented) An apparatus for communicating between a first private 
network and a second private network that uses a public network infrastructure, 
comprising: 

a memory having program instructions; and 

a processor responsive to the program instructions to: 

receive a non-tunneled packet from a source node in the first 

private network, 
determine whether the packet is destined for the second 
private network. 
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acquire a cliannel key associated with a channel based on 
the determination, 

wherein the channel comprises a plurality of non- 
tunneled virtual links through the public 
network that connects a plurality of channel 
nodes, the channel nodes including the source 
node and a destination node in the second 
private network, 

wherein only the channel nodes are permitted to 
communicate over the channel, 

wherein the channel key is updated upon an addition 
of a new channel node to the channel, and 

wherein the channel key is updated upon a departure 
of one of the channel nodes from the channel; 
and 

forward the packet over the channel to the destination node. 

(Previously Presented) An apparatus for communicating between a first private 
network and a second private network that uses a public network infrastructure, 
comprising: 

a memory having program instructions; and 

a processor responsive to the program instructions to: 

receive a non-tunneled packet from a source node in the 

second private network, 
determine whether the packet is destined for the second 

private network, and 
acquire a channel key associated with a channel based on 
the determination, 

wherein the channel comprises a plurality of non- 
tunneled virtual links through the public 
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network that connects a plurality of channel 
nodes, the channel nodes including the source 
node and a destination node in the first private 
network, 

wherein only the channel nodes are permitted to 

communicate over the channel, [[and]] 
wherein the channel key is updated upon an addition 

of a new channel node to the channel, and 
wherein the channel key is updated upon a departure 

of one of the channel nodes from the channel; 

and 

forward the packet over the channel to the destination node. 

(Previously Presented) A tangible computer-readable storage medium 
containing instructions which, when executed by a processor, perform a method 
for communicating between a first private network and a second private network 
that uses a public network infrastructure, the method comprising: 

receiving a non-tunneled packet from a source node in the first private 
network; 

determining whether the packet is destined for the second private network; 
obtaining an address mapping corresponding to a destination node in the 
second private network and acquiring a channel key associated 
with a channel based on the determination, 

wherein the channel comprises a plurality of non-tunneled 
virtual links through the public network that connects 
a plurality of channel nodes, the channel nodes 
including the source node and the destination node, 
wherein only the channel nodes are permitted to 
communicate over the channel, 
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wherein the channel key is updated upon an addition of a 

new channel node to the channel, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel; and 
sending the packet over the channel to the destination node using the 
address mapping, the address mapping reflecting a relationship 
between an internal address for the destination node for use in 
communicating among nodes in the second private network and an 
external address for the destination node suitable for 
communicating over the public infrastructure. 



18. (Previously Presented) The computer-readable medium of claim 17, said 
sending further comprising, 

adding the external address to the packet. 

19. (Previously Presented) The computer-readable medium of claim 17, said 
sending further comprising, 

encrypting the packet. 



20. (Previously Presented) The computer-readable medium of claim 17, said 
obtaining comprising, 

accessing the address mapping based on a determination that the packet 
is destined for the second private network. 

21 . (Previously Presented) The computer-readable medium of claim 17, said 
determining comprising, 

determining whether an address mapping exists for a destination address 
in the packet. 
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22. (Previously Presented) A tangible computer-readable storage medium 
containing instructions which, when executed by a processor, perform a method 
for communicating between a first private network and a second private network 
that uses a public network infrastructure, the method comprising: 

receiving a non-tunneled packet from a source node in the second pnvate 
network; 

determining whether the packet is destined for the second private network; 
obtaining an address mapping corresponding to a router node and 

acquiring a channel key associated with a channel based on the 

determination, 

wherein the channel comprises a plurality of non-tunneled 
virtual links through the public network that connects 
a plurality of channel nodes, the channel nodes 
including the source node and the router node, 
wherein only the channel nodes are permitted to 

communicate over the channel, 
wherein the channel key is updated upon an addition of a 

new channel node to the channel, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel; and 
sending the packet over the channel to the router node using the address 
mapping, wherein the router node forwards the packet to a 
destination node in the first private network based on an internal 
address in the packet for the destination node suitable for 
communicating among nodes in the first private network. 

23. (Previously Presented) The computer-readable medium of claim 22, said 
sending further comprising, 

adding, to the packet, an external address for the router node suitable for 
communicating over the public infrastructure. 
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24. (Previously Presented) The computer-readable medium of claim 22, said 
sending further comprising, 

encrypting the packet. 

25. (Previously Presented) The computer-readable medium of claim 22, said 
obtaining comprising, 

accessing the address mapping based on a determination that the packet 
is not destined for the second private network. 

26. (Previously Presented) The computer-readable medium of claim 22, said 
determining comprising, 

determining whether an address mapping exists for a destination address 
in the packet. 

27. (Currently Amended) An apparatus for communicating between a first private 
network and a second private network configured from nodes in a public network 
infrastructure, comprising: 

means for receiving a non-tunneled packet from a source node in the first 
private network; 

means for determining whether the packet is destined for the second 
private network; 

means for obtaining an address mapping corresponding to a destination 
node in the second private network and acquiring a channel key 
associated with a channel based on the determination; and 

means for sending the packet over the channel to the destination node 
using the address mapping, the address mapping reflecting a 
relationship between an internal address for the destination node 
for use in communicating among nodes in the second private 
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network and an external address for the destination node suitable 
for communicating over tlie public infrastructure , wherein 
the channel key expires after a predetermined amount of time . 

28. (Previously Presented) The apparatus of claim 27, said means for sending 
further comprising, 

means for adding the external address to the packet. 

29. (Previously Presented) The apparatus of claim 27, said means for sending 
further comprising, 

means for encrypting the packet. 

30. (Previously Presented) The apparatus of claim 27, said means for obtaining 
comprising, 

means for accessing the address mapping based on a determination that 
the packet is destined for the second private network. 

31 . (Previously Presented) The apparatus of claim 27, said means for determining 
comprising, 

means for determining whether an address mapping exists for a 
destination address in the packet. 

32. (Currently Amended) An apparatus for communicating between a first private 
network and a second private network configured from nodes in a public network 
infrastructure, comprising: 

means for receiving a non-tunneled packet from a source node in the 

second private network; 
means for determining whether the packet is destined for the second 

private network; 



-12- 



Application No.: 09/839,300 
Customer No. 22,852 
Attorney Docket No. 06502.0333-00 

means for obtaining an address mapping corresponding to a router node 
and acquiring a channel l<ey associated with a channel based on 
the determination; 

means for sending the packet over the channel to the router node using 
the address mapping, wherein the router node fonA/ards the packet 
to a destination node in the first private network based on an 
internal address in the packet for the destination node suitable for 
communicating among nodes in the first private network , wherein 

the channel kev expires after a predetermined amount of time . 

33. (Previously Presented) The apparatus of claim 32, said means for sending 
further comprising, 

means for adding, to the packet, an external address for the router node 
suitable for communicating over the public infrastructure. 

34. (Previously Presented) The apparatus of claim 32, said means for sending 
further comprising, 

means for encrypting the packet. 

35. (Previously Presented) The apparatus of claim 32, said means for obtaining 
comprising, 

means for accessing the address mapping based on a determination that 
the packet is not destined for the second private network. 

36. (Previously Presented) The apparatus of claim 32, said means for determining 
comprising, 

means for determining whether an address mapping exists for a 
destination address in the packet. 
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(Previously Presented) A method for communicating between a first private 
network and a second private network configured from nodes in a public network, 
comprising: 

receiving, at a router node, a first non-tunneled packet from a source node 
in the first private network, wherein the router node facilitates 
connection between the first private network and the second private 
network; 

determining whether the first packet is destined for the second private 
network; 

obtaining an address mapping corresponding to a second destination 
node in the second private network and acquiring a channel key 
associated with a channel based on the determination, 

wherein the channel comprises a plurality of non-tunneled 
virtual links through the public network that connects 
a plurality of channel nodes, the channel nodes 
including the source node and the router node, 
wherein only the channel nodes are permitted to 

communicate over the channel, 
wherein the channel key is updated upon an addition of a 

new channel node to the channel, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel; 
sending the first packet over the channel to the second destination node 
using the address mapping, the address mapping reflecting a 
relationship between an internal address for the second destination 
node for use in communicating among nodes in the second private 
network and an external address for the second destination node 
suitable for communicating over the public infrastructure; 
receiving a second non-tunneled packet from a source node in the second 
private network; 
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determining whether the second packet is destined for the second private 
network; 

obtaining an address mapping corresponding to the router node based on 
the determination that the second packet is not destined for the 
second private network; and 

sending the packet over the channel to the router node using the address 
mapping corresponding to the router node, wherein the router node 
forwards the packet to a first destination node in the first private 
network based on an internal address in the second packet for the 
first destination node suitable for communicating among nodes in 
the first private network. 
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